EFF to retire HTTPS Everywhere extension, says its mission is accomplished

Keywords: HTTPS Everywhere

With HTTPS adoption increasing and web browsers offering native control, the Electronic Frontier Foundation (EFF) has decided to move its popular browser extension HTTPS Everywhere into maintenance mode in 2022. The EFF said the extension, introduced 10 years ago, was designed to become redundant, as it is today.

HTTPS Everywhere is an extension available for web browsers such as Firefox, Chrome, Microsoft Edge, Opera, and Vivaldi that, when installed, loads HTTP websites over HTTPS whenever possible. When the extension was first released, most websites did not support HTTPS.

Since Mozilla, Google, and Microsoft teamed up to increase HTTPS adoption on the web, enforcing HTTPS through an extension has become unnecessary. Not only have many websites moved from HTTP to HTTPS in recent years, but web browsers now provide a setting, called HTTPS-only mode or HTTPS-first mode, that loads web pages over a secure connection whenever possible. Firefox offers this feature, as do Microsoft Edge and Chrome.

Going forward, enabling the HTTPS-only mode setting in the web browser is all that users need to do, and they can now remove the HTTPS Everywhere extension.

“The goal of HTTPS Everywhere has always been to be redundant. This will mean that we have achieved an even bigger goal: a world where HTTPS is widely available and users no longer need an extra browser extension to get it. Now, that world is closer than ever, as mainstream browsers provide native support for pure HTTPS mode.”

HTTPS Everywhere will be in maintenance mode throughout 2022, the EFF said. It promises to inform users of the native HTTPS-only mode option in their browsers before shutting down the extension entirely.

Google recently released Chrome 94 with HTTPS-only mode on desktop and Android. Users need to visit the security settings and toggle the “Always use a secure connection” option to enable the feature.

Users should not run HTTPS Everywhere while HTTPS-only mode is enabled in their web browser, as the two may conflict with each other. The correct thing to do is to remove the extension, not just disable it.

As of now, some web browser vendors are not confident enough to force HTTPS by default, and it may take some time for HTTPS-only mode to become the default in every web browser that supports it, be it Firefox or Microsoft Edge.

Author: Yoyokuo